Tag: Diffie-Hellman

A security administrator needs to implement a technology that creates a secure key exchange. Neither party involved in the key exchange will have pre-existing knowledge of one another. Which of the following technologies would allow for this?

A security administrator must implement a secure key exchange protocol that will allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel. Which of the following MUST be implemented?

Incorrect Answers:
A: SHA-256 can used to detect violations of data integrity. It will not, however, allow company clients to autonomously exchange symmetric encryption keys over an unencrypted
channel.
B: AES is a specification for the encryption of electronic data. It will not, however, allow company clients to autonomously exchange symmetric encryption keys over an unencrypted
channel.
D: 3DES is symmetric-key algorithm for the encryption of electronic data. It will not, however, allow company clients to autonomously exchange symmetric encryption keys over an
unencrypted channel.

A security administrator must implement a system to allow clients to securely negotiate encryption keys with the company’s server over a public unencrypted communication channel. Which of the following implements the required secure key negotiation? (Select TWO).

Explanation:
Elliptic curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret
over an insecure channel. This shared secret may be directly used as a key, or better yet, to derive another key which can then be used to encrypt subsequent communications using a
symmetric key cipher. It is a variant of the Diffie–Hellman protocol using elliptic curve cryptography.
Note: Adding an ephemeral key to Diffie-Hellman turns it into DHE (which, despite the order of the acronym, stands for Ephemeral Diffie-Hellman).
Adding an ephemeral key to Elliptic Curve Diffie-Hellman turns it into ECDHE (again, overlook the order of the acronym letters; it is called Ephemeral Elliptic Curve Diffie-Hellman). It is
the ephemeral component of each of these that provides the perfect forward secrecy.

Incorrect Answers:
A: PBKDF2 is to strengthen keys, but it would resolve the problem with the key exchange on an unsecure channel.
PBKDF2 (Password-Based Key Derivation Function 2) is part of PKCS #5
v. 2.01. It applies some function (like a hash or HMAC) to the password or passphrase along with Salt to produce a derived key.
B: Symmetric encryption would not in itself help on an unsecure channel.
C: Steganography is the process of hiding one message in another. Steganography is not used for secure key negotiation.